grok-search
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates exclusively with official xAI API endpoints (api.x.ai) to perform search and chat operations.
- [SAFE]: Sensitive credentials like the xAI API key are retrieved from environment variables or a local configuration file (~/.clawdbot/clawdbot.json) rather than being hardcoded in the source code.
- [SAFE]: No external dependencies are used; the scripts rely solely on Node.js built-in modules, minimizing the risk of supply chain attacks.
- [SAFE]: File system access in the chat script is restricted to specific image extensions, preventing the reading of sensitive text-based configuration files as image data.
- [SAFE]: Although the skill processes external search results, it does not pass this data to any dangerous sinks such as eval() or shell execution, ensuring protection against indirect prompt injection.
Audit Metadata